The ICO – why we need a well-resourced Regulator

We are all clamouring for advice about the GDPR; why hasn’t the Information Commissioner’s Office provided us with comprehensive guidance on consent, profiling, children’s data, accountability? And, so the list goes on.

The Regulator is under significant pressure to provide guidance ahead of the ever looming 25 May 2018 deadline for enforcement of the new EU Regulation, and all the complexities that lie therein. But, we can’t expect the ICO to provide us with the guidance we desperately seek, if it simply doesn’t have adequate resources to do so.

The GDPR has led to businesses across the nation eager to recruit new staff with data protection expertise, and where better to poach them from than from within the Regulator itself? The ICO is effectively suffering a brain drain.

In a recent interview for the Financial Times Information Commissioner, Elizabeth Denham said the ICO couldn’t prepare to implement and oversee the new Regulation, advising businesses on how to comply and simultaneously to “continue to do our day jobs” if its experts keep being lost to both public and private organisations who can pay more.

Ms Denham says she urgently needs more staff on better pay and has called on the Government to help. The ICO is currently covered by the Government pay cap, making it a real challenge to recruit people with the level expertise of expertise needed.

It is crucial that the UK has a Regulator that has the resources and talent to be effective, not only do we face the GDPR, there is also the proposed ePrivacy Regulation and Brexit on the horizon too. Guidance from the ICO has always provided evidence of best practice, without this guidance, there is a risk that encouraging compliance will be more problematic and individual’s rights may not be best served.

Copyright DPN

The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.